STRATEGIC RISK OF A BANK: ASSESSMENT PROPOSALS AND INTERRELATION WITH THE COMPLIANCE RISK

The article is aimed at forming a procedure for assessing the bank’s strategic risk and substantiating its relation to the compliance risk of financial monitoring. The concept of strategic risk is considered and the expediency of delineating its types into primary one and secondary one is substantiated, which is taken into account in the development of the assessment procedure. The proposed strategic risk assessment procedure includes three phases: the first phase involves defining the primary strategic risk by generalizing results of the ratio of actual and planned values of parameters in measurement of the degree of achieving the bank’s strategic objectives (grouped by the subsystems of a balanced scorecard); the second step is to define the secondary strategic risk using seven criteria for assessing the organizational-economic provision of the bank’s strategic management; the third stage is to substantiate the overall level of strategic risk of the bank on the basis of generalization of the conclusions on the first and second stages of the procedure. The article provides recommendations on explaining the results of the quantitative assessment of the bank’s strategic risk by differentiating its qualitative levels high, moderate, and low. It is concluded that, on the one hand, a significant gap between the actual and planned values of indicators, which reflect the strategic priorities of the bank, as well as the inefficiency of the bank’s strategic management mechanism can make it to focus (for financial gain and strategic financial objectives) on the use of a formal approach to compliance with financial monitoring legislation. On the other hand, the implementation of the compliance risk of financial monitoring and, as a result, taking enforcement actions on the side of the NBU versus the bank can increase in the level of its strategic risk.

It is generally accepted in banking practice that strategic risk is not quantifiable, and, in this regard, the issues of finding alternative approaches to assessing it (compared with financial risks) are not well developed and has not been widely considered by scientists. But the scientific literature more often highlights theoretical aspects concerning strategic risk of a bank (its essence, features of manifestation and consequences) [5-7; 11; 19; 22; 23] Golubev [21] highlight hierarchical relationships between individual banking risks that, in their opinion, are prevailing. According to the authors, these risks, along with the strategic one, include market, compliance, credit, operational and liquidity risk, while at the same time note that the strategic risk is the most global one.
Work [22] also focuses on the interconnectedness of bank risks; in particular, this is demonstrated using the example of the partial intersection of the strategic, reputational and transfer risks, business risk, credit, market and operational risks. The influence of innovative systems of remote banking services on the strategic and other bank risks are considered by L. O. Prymostka [17] and G. T. Karcheva [10]. According to G. T. Karcheva [10], this relationship is explained as follows: the application of electronic banking technologies leads to changes in the "bank-client" interaction, which in turn can have a negative influence on effectiveness of the implementation of financial monitoring procedures and result in an increase in the strategic, reputational and compliance risks.
A mong the scientific works that deal with the formation of guidelines for assessing strategic risk of a bank and the development of methodological support for managing it as a whole, researches of I. M. Rabyko [18;19] and N. P. Verkhusha [6] should be noted. I. M. Rabyko [18] proposes a methodology for measuring strategic risk of a bank, which implies its assessment according to criteria that summarize information regarding: existence of the bank's strategic plan and its adjustment (including when the bank moves to another stage of its life cycle); consideration in the strategy of the risks to which the bank is exposed in its activities; compliance with the relevant regulations and the principles of the International Accounting Standards; existence of plans for increasing revenues and optimizing expenses, carrying out recapitalization and ensuring liquidity; availability of methods for conducting stress testing for profitability; division of functions among persons responsible for elaborating and implementing the strategic development plan, control and monitoring of the strategic risk; monitoring of and stress testing for strategic risk, formalization and presentation of their results on a regular basis, etc.
Using scoring (from 1 to 4 scores: 4 -the lowest score, 1 -the highest score) and weights for each of the specific criteria for strategic risk assessment, the author offers the following interpretation of the results: ≤ 1.0the component of the risk management system is highly effective; > 1.1 and ≤ 2.0 -the component of the risk management system is sufficiently effective; > 2.1 and ≤ 3.0 -the component of the risk management system is not sufficiently effective; > 3.1 -the component of the risk management system is ineffective. Following the recommendations of N. P. Verkhusha, the level of strategic risk should be measured from with regard to reliably assessed data on errors associated with the implementation of strategic decisions of the bank and any other information about changes in its strategy [6]. БІЗНЕСІНФОРМ № 12 '2019 www.business-inform.net T he presented proposals of researchers to a greater extent cover issues related to applying the corporate (general) strategy, in particular, those managerial errors that are committed in the process of its implementation. However, reasons of emergence of strategic risk at the stage of strategy formation, in our opinion, are not fully covered. To clarify and generalize them, we will consider the definitions of the concept "strategic risk of a bank" given in relevant regulatory legal acts and the scientific literature (Tbl. 1). For example, the Guidelines for the inspection of banks Risk Assessment System [14] and the Guidelines on the Organization and Functioning of Risk Management Systems in Banks of Ukraine [15], define strategic risk as "the existing or potential threat to income and capital arising due to incorrect managerial decisions, inappropriate implementation of the decisions and inadequate response to changes in the business environment. This risk arises from the inconsistency of: strategic goals of the bank; business strategies designed to achieve the goals; resources involved in achieving the goals; quality of their implementation". goals and activities; inconsistency of strategic decisions, etc. In view of this, recommendations on differentiation of the types of strategic risk of a bank are proposed to be taken into account when assessing its overall level.
Within the established procedure for measuring strategic risk of a bank, the level of primary strategic risk is determined by summarizing information on the comparison of the actual values of the bank's performance indicators with the desired target priorities, which are declared in the strategic plan, the level of the secondary strategic risk -by evaluating the organizational and economic support for strategic bank management. S ince strategic risk of a bank arises directly in the strategic management process, the implementation of which is characterized by certain features in different banks (in terms of choosing tools for the formation of analytical support for the development and implementation of the strategy), it is proposed to assess the primary strategic risk using indicators that are grouped within the subsystems of the Balanced Scorecard (BSC). Table 1 Definition of the concept "strategic risk of a bank" in the scientific literature

Author(-s), source
Definition of the concept "strategic risk of a bank" V. V. Bobyl [5] The likelihood of deviation from the target figures due to inadequate response to changes in the business environment of the bank A potential threat to a bank's financial condition as a result of incorrect determination of its de velopment strategy and ways for achieving it, which is manifested in changes in the bank's net profit and / or equity N. P. Verkhusha [6]; I. M. Rabyko [19]; Ye. G. Knyazeva, N. I. Parusimova [11] Risk associated with the occurrence of debts and financial losses in a bank, with the nonreceipt of the target revenues as a result of mistakes and omissions made in making decisions that de termine the strategy of the bank's activities and development and are manifested in: neglecting possible dangers that threaten the bank's activities; incorrect or insufficiently justified identifica tion of promising activities in which the bank can achieve advantages over its competitors; lack or insufficient provision of necessary resources (financial, material and technical, human ones) or adequate organizational and control measures to achieve the goals of the bank's activities V. P. Gmyria [7] Risk arising from incorrect or insufficiently justified identification of promising activities of the bank; lack or insufficient provision of necessary resources or adequate organizational measures to achieve the strategic goals of banking organizations Studying the essence of the strategic risk leads to the conclusion that the reasons for its occurrence may be insufficiently justified in the process of forming the general strategy strategic goals or strategic measures and failure to implement them, as well as incorrectly set target values of indicators used to measure the strategic goals. Therefore, it is necessary to distinguish between primary and secondary strategic risk, which should be considered as risk of incorrect setting of target parameters and risk of failure of management decisions respectively. In this case, the secondary strategic risk is produced as a result of management failures, in particular: inconsistencies of the strategic goals, the strategic goals and resources necessary for their achievement by the bank, the strategic The idea of forming a balanced set of indicators belongs to the American researchers R. Kaplan and D. Norton [2] and is highlighted in many scientific works on development of analytical systems (in particular, [1; 3; 4] and others). The main feature of the BSC proposed by D. Norton and R. Kaplan, in comparison with derivatives and analogous tools, is the possibility of its using not only as a system for evaluating performance but as a strategic management tool as well. Moreover, if we consider BSC as a tool for strategic management of the bank as a whole, the logic of its using is as follows: it allows 1) carrying out a comprehensive assessment of the bank's activities due to a balanced combination of financial and non-financial indicators (Key Performance Indicators or KPIs), which ЕКОНОМІКА ФІНАНСИ, ГРОШОВИЙ ОБІГ І КРЕДИТ БІЗНЕСІНФОРМ № 12 '2019 www.business-inform.net are grouped within four subsystems (Finance, Customer, Internal Processes, Learning and Growth); 2) based on the results of the assessment, formulating strategic goals united by cause and effect relationship; 3) determining and formalizing the general development strategy, monitoring the implementation of the strategy and evaluating its effectiveness. T hus, it can be concluded that, encompassing the strategic management cycle, the BSC provides the management of the bank with complete information on its financial activities and factors that influence it; allows checking the current corporate strategy for completeness, consistency and relevance; contributes to concentration of efforts on the bank's strategic activities; provides for communication at all levels of the bank's management; aims to optimize the bank's business processes and innovation; ensures increased strategic efficiency and can be successfully integrated into the controlling system; allows to predict appearance of problems and timely respond to risks. Moreover, it is critical that the requirements for the strategy (from the point of view of its balance), which must be met for a successful implementation of the BSC, are quite closely correlated with factors influencing the secondary strategic risk.
The developed procedure for assessing a bank's strategic risk includes three stages ( Fig. 1): at the first stage, a quantitative assessment of the primary strategic risk is carried out (based on the approximation of the actual values of financial and non-financial parameters for measuring strategic goals to the target values, the indicator StRI 1 is calculated); at the second stage, by interviewing internal experts (heads of functional departments of the bank), an assessment of the secondary strategic risk is provided (using the Rasch model [8], with the help of the criteria presented in [12] and supplemented by the criterion "incoherence and inconsistency of the adopted strategic decisions", the indicator StRI 2 is calculated); at the third stage -the general level of the strategic risk is determined.
At the final stage of the procedure for assessing strategic risk of a bank, the results of determining the quantitative levels of the primary and secondary strategic risk are synthesized (with regard to the need to bring the secondary strategic risk indicator to the measurement system -from 0 to 1). After that, the arithmetic mean value of the indicators StRI1 and StRI2 is calculated and the level of the total strategic risk is determined.
To provide a qualitative interpretation of the results of the quantitative assessment of strategic risk of a bank, an interval scale constructed using the golden section can be applied. According to this scale, if the quantitative value of the indicator of the total strategic risk falls within the range from 0 to 0.382, it indicates a low (acceptable) level of risk; within the range from 0.383 to 0.618 -a medium (moderate) level of risk; within the range from 0.619 to 1 -a high level of risk.
Given the content-related characteristics of the components of a bank's strategic risk (primary and secondary strategic risk), it is possible to streamline the chain of cause and effect links not only with financial risks but also with non-financial risks of banks. In particular, with the compliance risk, which in the Regulation on Implementing the Financial Monitoring by Banks [16] is defined as "the risk of legal liability or the risk of application of enforcement measures by the NBU, financial losses and reputational losses that the bank may incur due to nonprovision of the appropriate level of compliance with all requirements of the laws of Ukraine, regulations, rules, internal documents of the bank, rules of conduct that can be applied when the bank fulfills its obligation as a reporting entity". The necessity of studying this risk under modern conditions is gaining importance due to the intensification of implementing the International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation (the FATF standards) and, accordingly, an increased attention to the banking system as a link in criminal money laundering schemes. I n the annual reports of the NBU for 2017-2018 [20], it was noted that to ensure proper supervision over bank's compliance with legislation requirements in the field of financial monitoring during this period, NBU specialists conducted 53 scheduled and 3 unscheduled field inspections of Ukrainian banks as well as 86 desk inspections. Based on the results of inspections, for violation of the law on financial monitoring, the following measures were applied: in 2017 -37 banks received written warnings, and 15 decisions on imposing fines for the total amount of UAH67 552 001 were approved; in 2018 -22 banks received written warnings, and 14 decisions regarding penalties for the total amount of UAH152 072 978.26 were recorded.
The data on the results of inspections of individual Ukrainian banks, aimed at prevention and counteraction to legalization (laundering) of proceeds from crime, terrorist financing and the financing of proliferation of weapons of mass destruction, for January-November 2019 are presented in Tbl. 2.
According to the data in Tbl. 2, in January -November 2019, the NBU made a decision on applying enforcement measures to 23 banks (to Megabank JSCtwice (in February and November). To 6 of them (Pravex Bank JSC, Universal Bank JSC, OTP Bank, Bank Vostok PJSC, Bank Credit Dnipro JSC and Ukrgasbank JSB) both penalties and written warnings were applied as enforcement measures.
The total amount of fines for banks that violated legislation in the field of financial monitoring for the corresponding period is UAH 49127515.21, and the main reason for applying fines to most of them is an inappropriate analysis of financial transactions of their clients in view of the risk-based approach. Moreover, for these banks, the amount of fines was much less than for those БІЗНЕСІНФОРМ № 12 '2019 www.business-inform.net Stage 1: Assessment of the primary strategic risk of the bank

Determination of actual values of indicators for measuring the degree of achievement of strategic goals, which are grouped within the subsystems of the BSC:
Subsystem "Finance": indicators of liquidity, pro tability, nancial stability and business activities of the bank; Subsystem "Customer": indicators of customer relationship, customer pro tability and customer retention; Subsystem "Internal Processes": indicators of operating expenses and innovative activities of the bank; Subsystem "Learning and Growth": indicators of sta e ciency, quali cations and competence, motivation level

Calculation of StRI
where p -is the ratio of the total number of positive responses from experts on the criteria for assessing the level of strategic risk (K 1 -K 7 ) to their maximum possible number; K 1 -inconsistency of the goals of the bank and the resources necessary to achieve them; K 2 -inconsistency of the stakeholders' interests; For example, financial schemes the nature and consequences of which give reason to believe that they are related to legalization of criminal proceeds were found in the activity of 8 banks. In particular, the schemes implemented through the so-called layering and imply the conversion of non-cash resources into cash. In the explana-tions of the NBU [9] on the implementation of risk-taking activities in the field of financial monitoring by these banks, the following schemes were identified: the issuance of cash which came to the accounts of a group of individuals from a legal entity -the bank client -as loans and the repayment of these loan obligations by two other legal entities with signs of fictitiousness (Megabank JSC in the amount of UAH211.8 million); transferring funds from  customer accounts to accounts with other banks and the delivery of these funds by means of cash-in transit services of other banking institutions to the business units of these customer (JSCB Industrialbank -in the amount of about UAH906 million, PJSC "MTB BANK" -UAH1.18 billion, OTP BANK -more than UAH700 million, JSC "Alpari bank" -UAH400 million); crediting of funds to customer accounts with signs of fictitious activity (transfer from counterparties, some of which are clients of other banks) with their subsequent transfer to other companies (Universal Bank JSC -in the amount of UAH 2.8 billion) within the following few days; conducting cyclical financial transactions with government bonds on behalf of individual customers, including public figures or persons close to them (JSC Bank Alliance and "RwS bank"). It should be noted that the main reasons for the emergence of compliance risk are inefficient work of the compliance control department, imperfect internal bank systems for financial monitoring and insufficient experience of banks in these areas.
H owever, an increase in strategic risk resulting from incorrect determination (in this caseoverestimation) of the values of target indicators for measuring strategic goals as well as from inefficiency of the strategic management mechanism also makes it possible for banks to use a formal approach to meeting the requirements of legislation in the field of financial monitoring. This means that due to the failures to reduce the level of strategic risk through using internal drivers (managerial decisions to improve strategic plans) and the reluctance to adjust target parameters, in order to obtain financial benefits and achieve strategic financial goals, banks face a risk of being involved in legalizing criminal proceeds and, accordingly, compliance risk. As an example of using a formal approach to meeting the requirements of legislation in the field of financial monitoring, we can consider the information published by the NBU [9] about Universal Bank JSC. In particular, the fact that within a month after making the decision to terminate business relations with customers who were posing an unacceptably high risk, the bank continued to service them and conducted financial transactions in the amount of about UAH266 million.

CONCLUSIONS
From a practical point of view, the significance of the presented procedure for assessing strategic risk of a bank is that the results of its implementation can be used: firstly, for justifying decisions to minimize strategic risk by adjusting the strategy (clarifying and changing strategic measures, reviewing strategic goals and parameters, measuring their achievements) and optimizing managerial decisions in general; secondly, in the context of managing the compliance risk, organizing the work of the bank's compliance control department and its internal financial monitoring system. It is also advisable to note that the occurrence of compliance risk initiates the growth of strategic risk. In particular, due to the application of financial sanctions to the bank, it leads to the emergence of reputational risk, the strengthening of which may negatively affect the level of effectiveness of the strategy implemented by the bank.  LITERATURE